Yeahlink

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-14657 1Yeahlink 3T49g Firmware T58v FirmwareVp59 Firmware Jun 17, 2026 Oct 8, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement...Show more Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root.Show less
CVE-2019-14656 1Yeahlink 3T49g Firmware T58v FirmwareVp59 Firmware Jun 17, 2026 Oct 8, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Yealink phones through 2019-08-04 do not properly check user roles in POST requests. Consequently, the default User account (with a password of user) can make admin requests via HTTP.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2019-14657

1Yeahlink

3T49g Firmware

T58v FirmwareVp59 Firmware

Jun 17, 2026

Oct 8, 2019

N/A· v4

8.8 HIGH· v3

9.0 HIGH· v2

Yealink phones through 2019-08-04 have an issue with OpenVPN file upload. They execute tar as root to extract files, but do not validate the extraction directory. Creating a tar file with ../../../../ allows replacement of almost any file on a phone. This leads to password replacement and arbitrary code execution as root.Show less

CVE-2019-14656